{"id":"CVE-2016-2173","details":"org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code.","aliases":["GHSA-hrp3-8p5w-27gv"],"modified":"2026-04-11T12:02:33.048411Z","published":"2017-04-21T20:59:00.510Z","database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"22"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"23"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"24"}],"source":"CPE_FIELD"}]},"references":[{"type":"ADVISORY","url":"https://pivotal.io/security/cve-2016-2173"},{"type":"FIX","url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182551.html"},{"type":"FIX","url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182850.html"},{"type":"FIX","url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182959.html"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326205"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/spring-projects/spring-amqp","events":[{"introduced":"0"},{"fixed":"5f117e7244f2a38e7a800f6455af753395da84f5"}],"database_specific":{"cpe":"cpe:2.3:a:vmware:spring_advanced_message_queuing_protocol:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"1.5.5"}],"source":"CPE_FIELD"}}],"versions":["1.0.0.M1","1.0.0.M2","1.1.0.RELEASE","1.1.1.RELEASE","v1.2.0.RC1","v1.2.0.RELEASE","v1.2.0a.M1","v1.3.0.M1","v1.3.0.M2","v1.3.0.RC1","v1.3.0.RELEASE","v1.3.1.RELEASE","v1.3.2.RELEASE","v1.3.3.RELEASE","v1.3.4.RELEASE","v1.4.0.M1","v1.4.0.RC1","v1.4.0.RELEASE","v1.4.1.RELEASE","v1.4.2.M1","v1.4.2.M2","v1.4.2.RELEASE","v1.5.0.M1","v1.5.0.RC1","v1.5.0.RELEASE","v1.5.1.RELEASE","v1.5.2.RELEASE","v1.5.3.RELEASE","v1.5.4.RELEASE"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2173.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}